Requirements
- Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related discipline.
- Minimum of 10 years of progressive experience in information technology and cybersecurity, including demonstrated leadership level enterprise security programs within complex or highly regulated environments (preferably healthcare or the broader public sector). At least 3 years of this experience should be in a senior leadership role (e.g., CISO, Director of Security, or equivalent).
- Experience developing and executing an enterprise or regional cybersecurity strategy, including oversight of multi-year roadmaps, risk-based prioritization, and delivery of large-scale security initiatives across complex or multi-stakeholder environments; demonstrated experience presenting to and advising executive leadership and governance bodies on cybersecurity risk, investment decisions, and program performance.
- Experience translating technical cybersecurity risks into clear business impacts for senior leaders and non-technical stakeholders; demonstrated experience building cross-organizational alignment, leading through influence, and driving consensus across diverse internal and external partners.
- Working knowledge of recognized cybersecurity frameworks and standards (e.g., NIST, ISO/IEC 27001, COBIT) and relevant privacy and regulatory requirements within healthcare and/or the public sector (e.g., PHIPA, PIPEDA). Experience applying cybersecurity best practices in areas such as cloud security, identity and access management, threat management, and incident response.
- Experience overseeing cybersecurity budgets and managing vendor relationships, including procurement, contract oversight, and performance management within a public sector or healthcare environment.
Nice to Have
- A master’s degree (e.g., MBA or Master’s in Cybersecurity or Information Security Management).
- Professional cybersecurity certifications (e.g., CISSP, CISM, CISA, CCISO). Healthcare-focused certifications are considered an asset.
Additional Information
- Current UHN employees must have successfully completed their probationary period, have a good employee record along with satisfactory attendance in accordance with UHN's attendance management program, to be eligible for consideration.
- All applications must be submitted before the posting close date.
- UHN uses email to communicate with selected candidates. Please ensure you check your email regularly.
- Please be advised that a Criminal Record Check may be required of the successful candidate. Should it be determined that any information provided by a candidate be misleading, inaccurate or incorrect, UHN reserves the right to discontinue with the consideration of their application.
- UHN is an equal opportunity employer committed to an inclusive recruitment process and workplace. Requests for accommodation can be made at any stage of the recruitment process. Applicants need to make their requirements known.
